How one guy's exercise routine made him a burglary suspect, thanks to Google's Geofence Warrants

At 30-years-old, Zachary McCoy was really getting his shit together. He'd recently finished his associate's degree in computer programming, and he was exercising on the reg, riding his bike around his Gainesville, Florida neighbor and tracking his progress on the RunKeeper app. Things were looking up — until the morning when he got that fateful email. From NBC News:

It was from Google’s legal investigations support team, writing to let him know that local police had demanded information related to his Google account. The company said it would release the data unless he went to court and tried to block it. He had just seven days.

[…]

[McCoy's parents] agreed to dip into their savings to pay for a lawyer. The lawyer, Caleb Kenyon, dug around and learned that the notice had been prompted by a “geofence warrant,” a police surveillance tool that casts a virtual dragnet over crime scenes, sweeping up Google location data — drawn from users’ GPS, Bluetooth, Wi-Fi and cellular connections — from everyone nearby. […]

[McCoy] looked up his route [on the RunKeeper app] on the day of the March 29, 2019, burglary and saw that he had passed the victim’s house three times within an hour, part of his frequent loops through his neighborhood, he said.

“It was a nightmare scenario,” McCoy recalled. “I was using an app to see how many miles I rode my bike and now it was putting me at the scene of the crime. And I was the lead suspect.”

Read the rest

AT&T, T-Mobile, Sprint, Verizon face FCC fines after probe finds they failed to protect user location data

AT&T, T-Mobile, Sprint, and Verizon are among the telecommunications carriers facing hundreds of millions of dollars in fines from the Federal Communications Commission after a federal investigation found the companies didn't do enough to protect the location data of users. Read the rest

New York Times analyzes a leaked set of location data from a private broker, sounds the alarm

In 2017, a string of reports revealed that data-brokers were acquiring and linking titanic sets of location data from apps and mobile carriers and mining that data (and sometimes selling it outright). The carriers promised they'd end the practice, but they were lying. A year later, fresh reports surfaced of both app- and carrier-derived location data being sold, often by companies whose lack of elementary security meant that the data was effectively available to anyone. Then we learned that carriers were supplying fine-grained, realtime location data that was ending up in the hands of bounty hunters, skip tracers, and crooks and stalkers (naturally Ajit Pai's FCC had helped them get away with it0. Read the rest

Apple poses a false dichotomy between "privacy" and "competition"

Back in September, a Congressional committee investigating anticompetitive conduct by America's tech giants sent a letter to Apple (among other Big Tech firms) asking it for details of business practices that seem nakedly anticompetitive; Apple's response seeks to justify much of that conduct by saying that it is essential to protecting its users' privacy. Read the rest

Manhattan DA served Google with a "reverse search warrant" in a bid to prosecute antifa protesters

In October 2018, Proud Boys founder Gavin McInnes was invited to speak at the Manhattan Republican club, drawing neo-Nazi supporters and antifa protesters; Proud Boy thugs waded into the protest and began indiscriminately attacking the protesters. Read the rest

Vast majority of Americans and Europeans believe ad-targeting and feed customization are immoral

An RSA survey of 6,000 US and EU adults found that only a minority (48%) believes there is any ethical way to use personal data (that figure rises to 60% when considering US respondents alone); 57% believe that data-breaches are the fault of companies for gathering and retaining data, not the hackers who release it; only 17% believe that ad customization is moral; and only 24% believe that newsfeed customization is moral. Read the rest

Toronto cops can frequently get your public transit history without a warrant

Metrolinx, the provincial agency that supplies the Presto cards used to pay for public transit rides in Toronto, has continued to hand over riders' travel history to Toronto-area cops without asking for a warrant. Read the rest

Data-broker implicated in bounty-hunters' access to mobile location data lobbied FCC to fight consent for sharing location data

When Motherboard broke the story of a thriving underground in bounty-hunters and other unsavory sorts buying realtime location data from America's cellular carriers, many were outraged that the carriers had not lived up to their year-old promises to fix that massive hole in our location data. Read the rest

Trump's FCC chairman won't do anything about your cellular company selling your location to bountyhunters because shutdown

Motherboard's blockbuster story about mobile carriers selling your realtime location data into a marketplace where bounty hunters and other villains can buy it for just a few dollars has triggered an urgent, national conversation about the fact that, in the year since the first stories about this emerged, the carriers have not only failed to live up to their promises to put a stop to it, but seem to have made it even worse. Read the rest

Google Fi to carriers: don't sell our customers' location data to third parties

In the wake of this week's Motherboard scoop that the major US carriers sell customers' location data to marketing companies that sell it on to bounty hunters and other unsavory characters, Google has disclosed that they have told the carriers that supply service for its Google Fi mobile virtual network operator (MVNO) that they expect that Fi customers' data will not be sold this way. Read the rest

Why the hell do we continue to believe the carriers' promises to respect our privacy?

There have been several attempts to force the US telcoms industry to respect our privacy: to stop our ISPs from spying on us and selling our usage data to marketers, to stop the mobile carriers from spying on our location and selling the data to marketers (and, it turns out, stalkers and bounty hunters), and every attempt has fizzled, as telcoms lobbyists and telcoms-funded lawmakers have sold us out, saying that the privacy rules are unnecessary because the carriers wouldn't do anything too sketchy lest they suffer reputational damage. Read the rest

Bounty hunters track targets by buying realtime location data generated by T-Mobile, Sprint, and AT&T

If you want to follow someone in realtime, you don't need to shell out to shady data-brokers like Securus (which use a marketing company that exploits a privacy law loophole to obtain phone location data); there are a whole constellation of location data resellers who will do business with anyone, regardless of the notional privacy protections they promise the carriers they'll put in place. Read the rest

Surveillance libraries in common smartphone apps have amassed dossiers on the minute-to-minute movements of 200 million+ Americans

An investigation by the New York Times into the shadowy world of location-data brokerages found a whole menagerie of companies from IBM, Foursquare and the Weather Channel to obscure players like Groundtruth, Fysical and Safegraph, who pay app vendors to include their tracking code in common apps. Read the rest

EBGAP: Error Between Google and Privacy

The year is 2031, and I'm going to see Avengers 7 in 8K-vision. I hop in my Goober self-driving car and notice something strange – my location is displayed on the Goober Dashboard, even though I opted out of Google AlwaysTrack™! There's a complete disconnect between what the user interface is telling me and what actually happens without my knowledge or consent.

China mandates radio-tracking beacons in all cars

As of July 1, registering a car in China will involve registering an RFID radio-beacon that will be planted on the car in order to track its movements. Read the rest

The most interesting thing about the "Thanksgiving Effect" study is what it tells us about the limits of data anonymization

Late last year, a pair of economists released an interesting paper that used mobile location data to estimate the likelihood that political polarization had shortened family Thanksgiving dinners in 2016. Read the rest

Ad brokers are selling the fact that you visited an emergency room to ambulance-chasing lawyers

Philadelphia's WHYY radio reports that visitors to the city's hospital emergency room are blitzed for weeks with ads for personal injury lawyers, thanks to "geofenced ad" brokerages. Read the rest

More posts